昨天傍晚出去吃饭 回来发现电脑莫名其妙中毒了
每个分区下都多出了个  叫  web的类似文件夹的程序 描述部分是Window Sfc Mgr
c d e f 盘下都有  进程里多了个services.exe是小写的  不是系统进程那个大写  在C:\WINDOWS下也有这个文件 
进程结束不了 删除文件也删除不掉  查资料说是网络天空病毒  好象又不是啊  他们说先结束进程  可是根本不让结束啊  安全模式 进去又没这进程和文件了 木马客星查杀提示有木马 但是查杀一半就被非法关闭  晕菜

大虾们 帮帮忙 是虾米病毒 怎么解决啊  我快晕死了

图怎么发都不清楚啊 大家点开放大看吧 哎  斑竹的帖子我看了 可是进程根本没法结束 提示为 关键进程 任务管理器无法结束

最新的瑞星了 安全模式杀了1个小时差不多 也没发现病毒 晕了
斑竹啊  进程结束不了啊 有没专杀工具呢？

是玩传奇啊 这个和病毒有关系吗？
是不是这个日志啊

Logfile of HijackThis v1.99.1
Scan saved at 19:50:42, on 2005-8-2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
E:\PROGRAM FILES\RISING\RAV\Ravmond.exe
E:\PROGRAM FILES\RISING\RAV\RavStub.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NEC\e-Border Client\Client.exe
F:\下载文件\tool\代理注册\SocksOnlineV2\SocksOnlineV2.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\services.exe
D:\zzb2511\mir2.exe
D:\zzb2511\网吧服务端.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\zzb2510\mir.exe
D:\极限\Mir2Facility.exe
D:\zzb2510\mir.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
F:\下载文件\tool\系统安全\XP补丁\hijackthis\HijackThis.exe

R3 - URLSearchHook: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O1 - Hosts: 202.103.64.204 auto.search.msn.com
O2 - BHO: 搜索助手 - {04844102-FC0B-4f44-9E93-0C4293BB5E80} - C:\PROGRA~1\YDT\YDT.dll (file missing)
O2 - BHO: NaviHelperObj Class - {3E422F49-1566-40D3-B43D-077EF739AC32} - C:\WINDOWS\system32\NaviHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: AssistII - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 上网助手 - {BB936323-19FA-4521-BA29-ECA6A121BC78} - C:\PROGRA~1\3721\assist\asbar.dll
O3 - Toolbar: (no name) - {B580CF65-E151-49C3-B73F-70B13FCA8E86} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NEC e-Border Credential] rem C:\Program Files\NEC\e-Border Client\s5credmgr.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [3721] rem C:\program files\3721.exe
O4 - HKLM\..\Run: [RfwMain] e:\Program Files\Rising\Rfw\rfwmain.exe
O4 - HKLM\..\Run: [RavTimer] E:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] E:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [assistse] "C:\PROGRA~1\3721\assistse.exe"
O4 - HKLM\..\Run: [MS-4011 Memory Patch] F:\下载文件\tool\系统安全\XP补丁\RavSasser.exe -Patch
O4 - HKLM\..\RunOnce: [RavStub] "E:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] rem "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 下载页面上的ED2(&K)链接 - e:\Program Files\eMule\ed2k.html
O8 - Extra context menu item: 使用网际快车下载 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 使用网际快车下载全部链接 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 添加到QQ自定义面板 - E:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - E:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 用QQ彩信发送该图片 - E:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 百度-搜索MP3 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUMP3.HTM
O8 - Extra context menu item: 百度-搜索图片 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUIMG.HTM
O8 - Extra context menu item: 百度-搜索新闻 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUNEWS.HTM
O8 - Extra context menu item: 百度-搜索歌词 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDULYRIC.HTM
O8 - Extra context menu item: 百度-搜索网页 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUSEARCH.HTM
O8 - Extra context menu item: 百度-搜索贴吧 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDUPOST.HTM
O8 - Extra context menu item: 百度-词典搜索 - res://C:\Progra~1\Baidu\bar\BaiDuBar.dll/BAIDU_DIC.HTM
O9 - Extra button: 手机短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: vpp - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - D:\新建文件夹\ViP\vpp.exe
O9 - Extra button: Yahoo 1G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://rd.3721.com/taobao.rd?http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/buy1.php (file missing)
O9 - Extra button: 上网助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.3721.com/index.htm?fb=Cns (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - e:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - e:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.3721.com/security1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.3721.com/clean1.htm?fb=Cns (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\nec\e-border client\s5spi.dll
O11 - Options group: [!CNS]  网络实名
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1117802613078
O16 - DPF: {C8BD9ACB-F7EC-48E6-BB2F-DAADC6789E9A} (Kingsoft DUBA OnlineScan) - http://ol.db.kingsoft.com/antiscan/setup/KAVClean.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{06F880E0-A7A1-4340-8FF1-E3E4E95B729F}: NameServer = 210.108.248.200
O17 - HKLM\System\CS1\Services\Tcpip\..\{06F880E0-A7A1-4340-8FF1-E3E4E95B729F}: NameServer = 210.108.248.200
O20 - AppInit_DLLs: apihookdll.dll
O21 - SSODL: AE0BDHGB - {66B5729A-25C9-26D3-3663-6858267C4E3B} - C:\WINDOWS\System32\Kchbda32.dll (file missing)
O21 - SSODL: mtkle - {7FAE4ED7-5099-45BC-BA96-B507C03FE43F} - C:\WINDOWS\System32\habpzo32.dll (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Corporation Limited - e:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Rising Process Communication Center (RsCCenter) - rising - E:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - E:\PROGRAM FILES\RISING\RAV\Ravmond.exe

斑竹的意思是3721搞的怪？
我晕了 用3721好久了 都没事  不过大多数人都骂它  如果真是它搞的 我也要骂他了
ps 这个到底是虾米病毒 啊 ？ 影响是什么 好象电脑没什么异常反映  就怕盗密码呀